Raj wrote:
Hi all!
I have installed squid-2.5.STABLE3 on a RH 8.0/2.4.20-custom kernel/WCCP
patch/ P4/ 1 GB RAM/ 30 GB SCSI cache_dir system. I am using diskd.
I have compiled squid with:
./configure --enable-poll --enable-linux-netfilter --enable-snmp
--enable-storeio=aufs,diskd,ufs
Hi!
Our problem: Every so often a client in the internal net runs amok and
hammers the proxy with about 50 (!) connections per second.
Squid does handle this, but it's really futile -- we'd like to stop
the client before squid gets to see the packets.
So I thought iptables --limit could do the
On Monday, 16 June 2003 15:49, Ralf Hildebrandt wrote:
So I thought iptables --limit could do the trick.
Before I reinvent the wheel, I'd like to ask if someone already has
such a connection rate limiter per IP in place (and how it looks).
I think, using htb or cbq would become a
Hello,
I am looking for solution with Squid (actually SquidNT 2.5STABLE3)
to ban upload by two criteria:
1. ACL domain/url AND
2. POST/GET method size upper limit(like 500 bytes, 2Kb and so on).
This is for limiting user sending large mail messages through
web-mailers.
On Monday 16 June 2003 02.30, John Blance wrote:
To actually check you need to use the ldap attributes [of the user
object]
logingraceremaining and logingracelimit
when logingraceremaining is less than logingracelimit the password
has expired and the user needs to be redirected to the Your
On Monday 16 June 2003 05.59, Mohammad Ali Agheli wrote:
Hello all,
I use squid-2.4.STABLE6-6.6.2 and squidGuard-1.1.4-5 on the Redhat
6.2 for Internet filtering.
When I use this system in high Internet bandwidth, I have extra
send request, so decrease network speed.
Is it a squid bug?
How
On Monday 16 June 2003 09.49, Ralf Hildebrandt wrote:
So I thought iptables --limit could do the trick.
Before I reinvent the wheel, I'd like to ask if someone already has
such a connection rate limiter per IP in place (and how it
looks).
iptables -m limit should handle such case nicely, but
* Henrik Nordstrom [EMAIL PROTECTED]:
So I thought iptables --limit could do the trick.
Before I reinvent the wheel, I'd like to ask if someone already has
such a connection rate limiter per IP in place (and how it
looks).
iptables -m limit should handle such case nicely, but you will
On Monday 16 June 2003 05.54, Adi Nugroho wrote:
On Saturday, 14 June 2003 21:27, Henrik Nordstrom wrote:
On Saturday 14 June 2003 08.36, Adi Nugroho wrote:
I'm using squid proxy server, and want to use 2 parent proxy.
First parent for certain destination (based on ip address), and
On Monday 16 June 2003 07.39, Raj wrote:
/var/log/messages:
Jun 13 21:44:15 cache2 kernel: (scsi0:A:1:0): Locking max tag count
at 64
Jun 13 22:20:25 cache2 kernel: Unable to handle kernel NULL pointer
dereference
at virtual address 019f
This is a kernel issue, not a Squid problem.
taken from: http://www.cs.princeton.edu/~jns/security/iptables/
## SYN-FLOODING PROTECTION
# This rule maximises the rate of incoming connections. In order to do this
# we divert tcp packets with the SYN bit set off to a user-defined chain.
# Up to limit-burst connections can arrive in 1/limit
On Monday 16 June 2003 10.27, Andrius Kriukovas wrote:
How can this be done? I know the global directive
request_body_max_size xxx kB, but I cannot combine it with specific
domains (perhaps other ACL). I've got suggestions to use
delay-pools, but I am not sure if they limit upload
Hi all,
I'm running Squid 2.5-STABLE2 on a FreeBSD 4.8-STABLE machine compiled with
-enable-ipf-transparent (-STABLE doesn't have the IPFilter headers installed
in /usr/include/netinet, copied in manually).
The kernel is compiled with `pseudo-device gre', followed instructions on
Hi Raphael,
I have a couple of Squid servers running on FreeBSD 4.7-RELEASE with GRE
support.
-Original Message-
From: Raphael Maseko [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 5:31 PM
To: [EMAIL PROTECTED]
Hi,
I got it working on FreeBSD 4.6.2 with the help of the
I actually have it working (GRE tunnel on FreeBSD 4.8-STABLE) using ipfw and
not IPFilter. I'd like to know why the configuration doesn't work with
IPFilter.
-Original Message-
From: Raphael Maseko [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 5:39 PM
To: [EMAIL PROTECTED]
I
read your reply to Pada's problem, am using htb for this solution too and
not squid, but I can't manage the inbound/outbound traffic properly or so it
seems, so bandwidth hogging tools, like email spiders and email harvesters
tend to suck it up, am trying to look into IMQ method.
Am wondering
How can this be done? I know the global directive
request_body_max_size xxx kB, but I cannot combine it with specific
domains (perhaps other ACL). I've got suggestions to use
delay-pools,
but I am not sure if they limit upload traffic.
As you note the built in
i have installed webalizer : webalizer-2.01_10-9.i386.rpm
but when i let it work.
i get this :
slippingbad record (16315)
warningL truncating oversized username
no valid record found!
and now ? lol
Kind regards,
kelly kloen
system administration staff member, De Breul
On Monday 16 June 2003 12.20, Andrius Kriukovas wrote:
As you note the built in request_body_max_size is a bit too
limited for your purpose, but you should be able to make a custom
acl via external_acl_type for this based on the Content-Length
header.
Hi,
Maybe you have exact examples
On Monday 16 June 2003 10.58, Jay Turner wrote:
iptables -N syn-flood
iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 80 -j RETURN
iptables -A syn-flood -j LOG --log-prefix syn-flood-protection:
iptables -A syn-flood -j DROP
On Monday 16 June 2003 10.45, Ralf Hildebrandt wrote:
* Henrik Nordstrom [EMAIL PROTECTED]:
So I thought iptables --limit could do the trick.
Before I reinvent the wheel, I'd like to ask if someone already
has such a connection rate limiter per IP in place (and how
it looks).
On Monday 16 June 2003 11.31, [EMAIL PROTECTED] wrote:
Hi Raphael,
I have a couple of Squid servers running on FreeBSD 4.7-RELEASE
with GRE support.
And this server is using the same patched GRE module?
If you do not patch your GRE module then your FreeBSD box will not at
all react to WCCP
* Henrik Nordstrom [EMAIL PROTECTED]:
On Monday 16 June 2003 10.58, Jay Turner wrote:
iptables -N syn-flood
iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 80 -j RETURN
iptables -A syn-flood -j LOG --log-prefix
On Monday 16 June 2003 12.59, Andrius Kriukovas wrote:
1. Could you implement this ACL type in the next squid version? :)
Because you have a global setting, I think it is wise to have
adequate ACL.
This pretty much depends on my customers. I agree that it would be
best done as an ACL instead
Henrik,
I tried:
[/tmp/squid-2.5.STABLE3] # configure --enable-basic-auth-helpers=LDAP
[/tmp/squid-2.5.STABLE3] # make
And get the following errors:
/libufs.a auth/libbasic.a -lcrypt -lmiscutil -lm
Making all in icons
Making all in errors
Making all in doc
Making all
Hi,
On Mon, Jun 16, Oswaldo Gomes wrote:
/usr/libexec/elf/ld: cannot find -lldap
*** Error code 1
the linker says what's wrong.
You have to install the ldap libs and headers files.
Most distributions have them in a separate package like openldap-devel.
--
Regards
Dieter
--
I do not get
Oswaldo Gomes wrote:
Henrik,
I tried:
[/tmp/squid-2.5.STABLE3] # configure --enable-basic-auth-helpers=LDAP
[/tmp/squid-2.5.STABLE3] # make
And get the following errors:
/libufs.a auth/libbasic.a -lcrypt -lmiscutil -lm
Making all in icons
Making all in errors
Making all in doc
Making
Raj wrote:
HI, it seems that some of our clients cannot connect to some secure
servers to download files if the remote server somehow finds out that
there is a proxy on the path. Is there any way I can bypass any such
secure connections dynamically so that the such connections are
seamless.
Hi everyone,
I'm trying to use a time acl inside a file:
squid.conf
...
acl working time /working
...
/working
MTWHF 08:00-20:00
And this gives the following error:
2003/06/16 14:43:34| squid.conf line 25: acl working time /working
2003/06/16 14:43:34|
Hi,
At 13.19 16/06/2003, Henrik Nordstrom wrote:
2. Thanks for the script. I am forced to use SquidNT (ported to
NT), as my small Linux router would be kill such app as Squid. Is
there a way to do similar code for windows?
Well.. the same script should run fine under the cygwin environment on
Hello!
Well, this seems like a common enough question that I hope to not be flamed into a
hole for asking it.
Every night I have a set of URLs that I want to cache before my users come in. They
will end up looking at these URLs, so having them cached means the world to them.
I found a thread
I think I should also mention that in doing further research, many people have said
that the bandwidth spent doing this sort of thing far outweighs the lost latency.
My organization doesn't really care (that much) about the bandwidth being used, we are
supremely interested in this small group
On Monday 16 June 2003 22.56, David Olbersen wrote:
My organization doesn't really care (that much) about the bandwidth
being used, we are supremely interested in this small group of
users being able to access these cached sites as quickly as
possible with existing hardware. The other concern
Greetings,
Running Squid-2.5.STABLE3 on Linux as an accelerator with 32 redirector
processes.
Tested it using Apache Bench calling the Squid server
with its DNS name, it worked perfectly and viewing the access.log
saw that every hit was from the cache TCP_HIT:NONE overall Requests Per
Second
My http_access rules starts to allow all disregarding the other ACL's on the
http_access rule (see below) after I start then stop then start using
Netfilter REDIRECT again.
The http_access is flawless when I'm using Netfilter REDIRECT when Squid is
loaded. I stop using Netfilter REDIRECT for
Henrik,
Thank you for replying.
I don't think we're really looking for a mirror: we only want a superficial (first
page and images) copy of the page locally.
As I said, we won't be looking to the same site twice so I'll have to keep my mirror
directory clean of old content in case all the
Also, the http_access allow myAllow all will start working again only
after I do a service squid restart (ie. kill the parent). Doing a squid
-k reconfigure does not fix the issue.
This is a problem if I have to keep on restarting squid every time I switch
off/on Netfilter's REDIRECT to Squid.
On Monday 16 June 2003 23.59, per jarevez wrote:
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow myAllow all becomes http_access allow
all after Netfilter REDIRECT is switched back on.
http_access deny myDeny all
http_access allow localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow myAllow all becomes http_access allow
all after Netfilter REDIRECT is switched back on.
http_access deny myDeny all
http_access allow localhost
http_access allow intranet
# And finally deny all
hi,
i've searched the archives and seen that there's been a bit of
discussion of at least freebsd and transparent proxying.
i too am endeavouring to set this up.
i've checked out the following section in the squid faq.
http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.8
my queries arise as
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow myAllow all becomes http_access allow
all after Netfilter REDIRECT is switched back on.
http_access deny myDeny all
http_access allow localhost
http_access allow intranet
# And finally deny all
No, it's not using the GRE patches. I'm using the instructions for
4.8-RELEASE/STABLE:
FreeBSD-4.8 and later
The operating system now comes standard with some GRE support. You need to
make a kernel with the GRE code enabled:
pseudo-device gre
And then configure the tunnel so that the
On Monday, 16 June 2003 17:52, Chijioke Kalu wrote:
read your reply to Pada's problem, am using htb for this solution too and
not squid, but I can't manage the inbound/outbound traffic properly or so it
seems, so bandwidth hogging tools, like email spiders and email harvesters
tend to
hello,
Q1. I want to block *.pdf files from my squid.
Q2. ok fine if that above acl works then how can i
block more than one file (*.ps, *.pdf, *.doc,
*.swf) unlimited with one command.
Regards
cable
Cable,
Not sure about question 2 but this is how I blocked EXE files, you could modify this
to do what you want:
acl EXE urlpath_regex \.[eE][xX][eE]
http_access deny EXE
Would be interested in how to give a list of extensions though.
_
Justin
try to create a file download.txt
[eE][xX][eE]
[sS][wW][fF]
[dD][oO][cC]
acl denied urlpath_regex /path/to/download.txt
http_access deny denied
mike
- Original Message -
From: Justin Hennessy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 11:49 AM
Subject: Re:
Ok, I will try this, I wanted to know if this iptable rule affects my other
iptable rules in my firewall script, like I have a table for my NAT, does it
matter if I put the mangle table before or after the NAT?
for example i have this rule in my nat to set up IPFORWARDING, masquerading
and